After writing a series of blog posts and guides on CentOS for several years now, as part of my Essential Linux Skills with CentOS 7 series, I have decided to publish a free eBook covering the complete guide on setting up your own highly secure web server for blogging (WordPress). Linux is still a hobby, and while it comes in handy for my day job, it has been a long time since I was a Linux administrator. I once remember someone describing it as an art.

While many of my readers and followers are highly skilled technical consultants and VMware architects, building and maintaining a secure and stable web server for WordPress can pose some challenges. For one, it requires a solid understanding of the Linux operating system and the nuances of security with mechanisms such as SELinux. Also, it takes time to learn, master and manage. However, I feel the many benefits outweigh these challenges and running your own WordPress blog can be very rewarding. One area I decided to focus heavily on is SELinux. It is often disabled and ignored, and often misunderstood.

Many of us are also on a budget, so simply using AWS Route53, some EC2 nodes and a load-balancer with CloudFront can be costly when considering egress bandwidth charges. I have used various VPS (Virtual Private Server) providers in the past, and recently decided to move back to Linode. I was a customer for several years until I moved to another provider following their ‘Twelve Days of Crisis’ nightmare. However, given that Linode have been so open, and having received excellent support in the past, I opted to move back and I’m really pleased I did. They are currently offering a $10 a month Linode 2GB plan which comes with 1 vCPU core, 30GB SSD storage, and 2TB transfer per month. For $20 you’ll get 4GB RAM, 2 vCPU cores and 3TB of network transfer.

I’ve been maintaining my own web server for this WordPress blog for several years now, dating back to 2005 when I first started using CentOS 4 to run my website. Those were the days I switched from authoring websites with Dreamweaver and FTP, to using WordPress and ditching those antiquated tools altogether. Talking of antiquated, I’ve been working with Unix since 1992 and was a Linux sysadmin for an ISP for several years after that. I’ve also been learning along the way with each release of CentOS/RHEL, and I have taken much more notice of security hardening including the use of SELinux.

As an experiment, I posted a tweet last night merely mentioning SELinux which resulted in some predictable responses including:

I really don’t blame them for disliking SELinux; it seems that is a majority opinion. But I hope to change that! If I can get it working and playing nicely with my WordPress site then so can you. The reason I use SELinux isn’t to make my life any more difficult (though that could be true at times!), but it helps me better understand the inner workings of CentOS 7, while providing significant levels of security.

This is the first of two Essential Linux Skills for CentOS blogs (see part 2). For many years I’ve become used to using service and chkconfig commands to manage services with RHEL (Red Hat Enterprise Linux) and CentOS. In fact I first got my hands on a Unix system back in 1993, then got my first ever job as a Unix admin in 1996. I learned about System V runlevels, and then became used to using /etc/init.d/<service> to manage services. It takes a while to shake bad old habits, but CentOS 7 now uses systemd as the default init system.

Init (short for initialization) was the first process to start and the last to stop on a SysV (System V Unix) Linux system, and with it comes the concept of runlevels. Each runlevel represents a state of the system: runlevel 0 is shutdown (halt), runlevel 3 is multiuser mode (in other words, the system has now booted), and runlevel 5 runs the desktop environment if you use one (the X Server starts and you have a desktop). Oh, and runlevel 6 restarts the system.

Why is this important? Well, whether you like it or not, having core Linux skills is essential in the IT world we live in. In fact, just a few weeks ago I was presenting at VMworld in San Francisco on the VMware Horizon for Linux Virtual Desktops technical deep dive. I was approached after the session by a customer that has a project to deploy RHEL virtual desktops to hundreds of students in a college. He thanked me as he had to go home the following week to configure some of those virtual desktops with direct pass-through to NVIDIA GRID graphics cards. The process of doing that requires installation of the driver at runlevel 3, but he had no idea what it meant despite it being a simple command (init 3). It also meant that he learned about how to optimize RHEL by disabling unnecessary services that start at runlevel 3.
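The `init 3` step and the runlevel 3 service review mentioned above, restated in CentOS 7's systemd terms. This is an added example, not code from the original post: the function names, the sample `chkconfig --list` lines and the keep list are constructed for illustration, and the script only prints commands for review rather than running them.

```shell
#!/bin/sh
# Added example: SysV runlevel habits expressed as systemd commands.

# Map a SysV runlevel to the systemd target that replaces it.
runlevel_to_target() {
    case "$1" in
        0) echo poweroff.target ;;
        1) echo rescue.target ;;
        2|3|4) echo multi-user.target ;;
        5) echo graphical.target ;;
        6) echo reboot.target ;;
        *) echo "unknown runlevel: $1" >&2; return 1 ;;
    esac
}

# Read `chkconfig --list` style lines on stdin and print the names of
# the services that are switched on at the given runlevel.
services_on_at() {
    awk -v want="$1:on" '{ for (i = 2; i <= NF; i++) if ($i == want) print $1 }'
}

# Constructed sample in `chkconfig --list` format (not from a real host).
SAMPLE_CHKCONFIG='auditd      0:off 1:off 2:on  3:on  4:on  5:on  6:off
cups        0:off 1:off 2:on  3:on  4:on  5:on  6:off
netconsole  0:off 1:off 2:off 3:off 4:off 5:off 6:off
sshd        0:off 1:off 2:on  3:on  4:on  5:on  6:off'

# Usage: review_plan RUNLEVEL KEEP_SERVICE... < chkconfig-output
# Prints the systemd equivalent of `init RUNLEVEL`, then one line per
# service enabled at that runlevel: kept, or a suggested disable command.
review_plan() {
    level=$1; shift
    keep=" $* "
    target=$(runlevel_to_target "$level") || return 1
    echo "systemctl isolate $target"
    services_on_at "$level" | while read -r svc; do
        case "$keep" in
            *" $svc "*) echo "# keep $svc" ;;
            *)          echo "systemctl disable $svc" ;;
        esac
    done
}

# Review runlevel 3, keeping only auditing and SSH on this web server.
printf '%s\n' "$SAMPLE_CHKCONFIG" | review_plan 3 auditd sshd
```

On a real host, `systemctl list-unit-files --type=service --state=enabled` gives the systemd-native view of what starts at boot.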

At VMware I see more and more customers deploying Linux desktops, but server workloads (such as the server hosting this blog!) and virtual appliances are also often running Linux.

Introduction
This is an updated version of my original LAMP (Linux Apache MySQL and Perl/PHP) guide that was based on CentOS 4. Now updated and tweaked for CentOS 5, I will take you through the steps required to build a secure Linux web server (LAMP) on CentOS 5.

I have a background working for an ISP, so I’ve based this build on the same configuration many hosting providers use. It supports virtual hosts (multiple websites), secure FTP access, locked down SSH access, and a sensible directory structure.

If you follow this guide, you will get a web server up and running within a couple of hours depending on whether you follow it step by step, or prefer to experiment first. If you are new to Linux then give it a try and learn something new; you never know, you may surprise yourself!